Friday, February 20, 2015

Cyber Alert: Lenovo PCs Vulnerable to HTTPS 'Spoofing'

The National Cyber Awareness System (US-CERT) has just issued a warning about a critical vulnerability in Lenovo consumer personal computers.

US-CERT issued the alert on Friday morning (Feb. 20, 2015), saying the Lenovo PCs using pre-installed Superfish Visual Discovery software have been found to contain a “critical vulnerability through a compromised root CA certificate.”

Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or “perform other attacks on the affected system,” the government warned.

US-CERT recommends users and administrators review Vulnerability Note VU#529496 and US-CERT Alert TA15-051A for additional information and mitigation details,” the warning added.


No comments:

Post a Comment